1 /**
2  * \file md.c
3  *
4  * \brief Generic message digest wrapper for Mbed TLS
5  *
6  * \author Adriaan de Jong <dejong@fox-it.com>
7  *
8  *  Copyright The Mbed TLS Contributors
9  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10  */
11 
12 #include "common.h"
13 
14 /*
15  * Availability of functions in this module is controlled by two
16  * feature macros:
17  * - MBEDTLS_MD_C enables the whole module;
18  * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
19  * most hash metadata (everything except string names); is it
20  * automatically set whenever MBEDTLS_MD_C is defined.
21  *
22  * In this file, functions from MD_LIGHT are at the top, MD_C at the end.
23  *
24  * In the future we may want to change the contract of some functions
25  * (behaviour with NULL arguments) depending on whether MD_C is defined or
26  * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary.
27  *
28  * For these reasons, we're keeping MD_LIGHT internal for now.
29  */
30 #if defined(MBEDTLS_MD_LIGHT)
31 
32 #include "mbedtls/md.h"
33 #include "md_wrap.h"
34 #include "mbedtls/platform_util.h"
35 #include "mbedtls/error.h"
36 
37 #include "mbedtls/md5.h"
38 #include "mbedtls/ripemd160.h"
39 #include "mbedtls/sha1.h"
40 #include "mbedtls/sha256.h"
41 #include "mbedtls/sha512.h"
42 #include "mbedtls/sha3.h"
43 
44 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
45 #include <psa/crypto.h>
46 #include "md_psa.h"
47 #include "psa_util_internal.h"
48 #endif
49 
50 #if defined(MBEDTLS_MD_SOME_PSA)
51 #include "psa_crypto_core.h"
52 #endif
53 
54 #include "mbedtls/platform.h"
55 
56 #include <string.h>
57 
58 #if defined(MBEDTLS_FS_IO)
59 #include <stdio.h>
60 #endif
61 
62 /* See comment above MBEDTLS_MD_MAX_SIZE in md.h */
63 #if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE
64 #error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE"
65 #endif
66 
67 #if defined(MBEDTLS_MD_C)
68 #define MD_INFO(type, out_size, block_size) type, out_size, block_size,
69 #else
70 #define MD_INFO(type, out_size, block_size) type, out_size,
71 #endif
72 
73 #if defined(MBEDTLS_MD_CAN_MD5)
74 static const mbedtls_md_info_t mbedtls_md5_info = {
75     MD_INFO(MBEDTLS_MD_MD5, 16, 64)
76 };
77 #endif
78 
79 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
80 static const mbedtls_md_info_t mbedtls_ripemd160_info = {
81     MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64)
82 };
83 #endif
84 
85 #if defined(MBEDTLS_MD_CAN_SHA1)
86 static const mbedtls_md_info_t mbedtls_sha1_info = {
87     MD_INFO(MBEDTLS_MD_SHA1, 20, 64)
88 };
89 #endif
90 
91 #if defined(MBEDTLS_MD_CAN_SHA224)
92 static const mbedtls_md_info_t mbedtls_sha224_info = {
93     MD_INFO(MBEDTLS_MD_SHA224, 28, 64)
94 };
95 #endif
96 
97 #if defined(MBEDTLS_MD_CAN_SHA256)
98 static const mbedtls_md_info_t mbedtls_sha256_info = {
99     MD_INFO(MBEDTLS_MD_SHA256, 32, 64)
100 };
101 #endif
102 
103 #if defined(MBEDTLS_MD_CAN_SHA384)
104 static const mbedtls_md_info_t mbedtls_sha384_info = {
105     MD_INFO(MBEDTLS_MD_SHA384, 48, 128)
106 };
107 #endif
108 
109 #if defined(MBEDTLS_MD_CAN_SHA512)
110 static const mbedtls_md_info_t mbedtls_sha512_info = {
111     MD_INFO(MBEDTLS_MD_SHA512, 64, 128)
112 };
113 #endif
114 
115 #if defined(MBEDTLS_MD_CAN_SHA3_224)
116 static const mbedtls_md_info_t mbedtls_sha3_224_info = {
117     MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144)
118 };
119 #endif
120 
121 #if defined(MBEDTLS_MD_CAN_SHA3_256)
122 static const mbedtls_md_info_t mbedtls_sha3_256_info = {
123     MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136)
124 };
125 #endif
126 
127 #if defined(MBEDTLS_MD_CAN_SHA3_384)
128 static const mbedtls_md_info_t mbedtls_sha3_384_info = {
129     MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104)
130 };
131 #endif
132 
133 #if defined(MBEDTLS_MD_CAN_SHA3_512)
134 static const mbedtls_md_info_t mbedtls_sha3_512_info = {
135     MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72)
136 };
137 #endif
138 
mbedtls_md_info_from_type(mbedtls_md_type_t md_type)139 const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
140 {
141     switch (md_type) {
142 #if defined(MBEDTLS_MD_CAN_MD5)
143         case MBEDTLS_MD_MD5:
144             return &mbedtls_md5_info;
145 #endif
146 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
147         case MBEDTLS_MD_RIPEMD160:
148             return &mbedtls_ripemd160_info;
149 #endif
150 #if defined(MBEDTLS_MD_CAN_SHA1)
151         case MBEDTLS_MD_SHA1:
152             return &mbedtls_sha1_info;
153 #endif
154 #if defined(MBEDTLS_MD_CAN_SHA224)
155         case MBEDTLS_MD_SHA224:
156             return &mbedtls_sha224_info;
157 #endif
158 #if defined(MBEDTLS_MD_CAN_SHA256)
159         case MBEDTLS_MD_SHA256:
160             return &mbedtls_sha256_info;
161 #endif
162 #if defined(MBEDTLS_MD_CAN_SHA384)
163         case MBEDTLS_MD_SHA384:
164             return &mbedtls_sha384_info;
165 #endif
166 #if defined(MBEDTLS_MD_CAN_SHA512)
167         case MBEDTLS_MD_SHA512:
168             return &mbedtls_sha512_info;
169 #endif
170 #if defined(MBEDTLS_MD_CAN_SHA3_224)
171         case MBEDTLS_MD_SHA3_224:
172             return &mbedtls_sha3_224_info;
173 #endif
174 #if defined(MBEDTLS_MD_CAN_SHA3_256)
175         case MBEDTLS_MD_SHA3_256:
176             return &mbedtls_sha3_256_info;
177 #endif
178 #if defined(MBEDTLS_MD_CAN_SHA3_384)
179         case MBEDTLS_MD_SHA3_384:
180             return &mbedtls_sha3_384_info;
181 #endif
182 #if defined(MBEDTLS_MD_CAN_SHA3_512)
183         case MBEDTLS_MD_SHA3_512:
184             return &mbedtls_sha3_512_info;
185 #endif
186         default:
187             return NULL;
188     }
189 }
190 
191 #if defined(MBEDTLS_MD_SOME_PSA)
psa_alg_of_md(const mbedtls_md_info_t * info)192 static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info)
193 {
194     switch (info->type) {
195 #if defined(MBEDTLS_MD_MD5_VIA_PSA)
196         case MBEDTLS_MD_MD5:
197             return PSA_ALG_MD5;
198 #endif
199 #if defined(MBEDTLS_MD_RIPEMD160_VIA_PSA)
200         case MBEDTLS_MD_RIPEMD160:
201             return PSA_ALG_RIPEMD160;
202 #endif
203 #if defined(MBEDTLS_MD_SHA1_VIA_PSA)
204         case MBEDTLS_MD_SHA1:
205             return PSA_ALG_SHA_1;
206 #endif
207 #if defined(MBEDTLS_MD_SHA224_VIA_PSA)
208         case MBEDTLS_MD_SHA224:
209             return PSA_ALG_SHA_224;
210 #endif
211 #if defined(MBEDTLS_MD_SHA256_VIA_PSA)
212         case MBEDTLS_MD_SHA256:
213             return PSA_ALG_SHA_256;
214 #endif
215 #if defined(MBEDTLS_MD_SHA384_VIA_PSA)
216         case MBEDTLS_MD_SHA384:
217             return PSA_ALG_SHA_384;
218 #endif
219 #if defined(MBEDTLS_MD_SHA512_VIA_PSA)
220         case MBEDTLS_MD_SHA512:
221             return PSA_ALG_SHA_512;
222 #endif
223 #if defined(MBEDTLS_MD_SHA3_224_VIA_PSA)
224         case MBEDTLS_MD_SHA3_224:
225             return PSA_ALG_SHA3_224;
226 #endif
227 #if defined(MBEDTLS_MD_SHA3_256_VIA_PSA)
228         case MBEDTLS_MD_SHA3_256:
229             return PSA_ALG_SHA3_256;
230 #endif
231 #if defined(MBEDTLS_MD_SHA3_384_VIA_PSA)
232         case MBEDTLS_MD_SHA3_384:
233             return PSA_ALG_SHA3_384;
234 #endif
235 #if defined(MBEDTLS_MD_SHA3_512_VIA_PSA)
236         case MBEDTLS_MD_SHA3_512:
237             return PSA_ALG_SHA3_512;
238 #endif
239         default:
240             return PSA_ALG_NONE;
241     }
242 }
243 
md_can_use_psa(const mbedtls_md_info_t * info)244 static int md_can_use_psa(const mbedtls_md_info_t *info)
245 {
246     psa_algorithm_t alg = psa_alg_of_md(info);
247     if (alg == PSA_ALG_NONE) {
248         return 0;
249     }
250 
251     return psa_can_do_hash(alg);
252 }
253 #endif /* MBEDTLS_MD_SOME_PSA */
254 
mbedtls_md_init(mbedtls_md_context_t * ctx)255 void mbedtls_md_init(mbedtls_md_context_t *ctx)
256 {
257     /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */
258     memset(ctx, 0, sizeof(mbedtls_md_context_t));
259 }
260 
mbedtls_md_free(mbedtls_md_context_t * ctx)261 void mbedtls_md_free(mbedtls_md_context_t *ctx)
262 {
263     if (ctx == NULL || ctx->md_info == NULL) {
264         return;
265     }
266 
267     if (ctx->md_ctx != NULL) {
268 #if defined(MBEDTLS_MD_SOME_PSA)
269         if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
270             psa_hash_abort(ctx->md_ctx);
271         } else
272 #endif
273         switch (ctx->md_info->type) {
274 #if defined(MBEDTLS_MD5_C)
275             case MBEDTLS_MD_MD5:
276                 mbedtls_md5_free(ctx->md_ctx);
277                 break;
278 #endif
279 #if defined(MBEDTLS_RIPEMD160_C)
280             case MBEDTLS_MD_RIPEMD160:
281                 mbedtls_ripemd160_free(ctx->md_ctx);
282                 break;
283 #endif
284 #if defined(MBEDTLS_SHA1_C)
285             case MBEDTLS_MD_SHA1:
286                 mbedtls_sha1_free(ctx->md_ctx);
287                 break;
288 #endif
289 #if defined(MBEDTLS_SHA224_C)
290             case MBEDTLS_MD_SHA224:
291                 mbedtls_sha256_free(ctx->md_ctx);
292                 break;
293 #endif
294 #if defined(MBEDTLS_SHA256_C)
295             case MBEDTLS_MD_SHA256:
296                 mbedtls_sha256_free(ctx->md_ctx);
297                 break;
298 #endif
299 #if defined(MBEDTLS_SHA384_C)
300             case MBEDTLS_MD_SHA384:
301                 mbedtls_sha512_free(ctx->md_ctx);
302                 break;
303 #endif
304 #if defined(MBEDTLS_SHA512_C)
305             case MBEDTLS_MD_SHA512:
306                 mbedtls_sha512_free(ctx->md_ctx);
307                 break;
308 #endif
309 #if defined(MBEDTLS_SHA3_C)
310             case MBEDTLS_MD_SHA3_224:
311             case MBEDTLS_MD_SHA3_256:
312             case MBEDTLS_MD_SHA3_384:
313             case MBEDTLS_MD_SHA3_512:
314                 mbedtls_sha3_free(ctx->md_ctx);
315                 break;
316 #endif
317             default:
318                 /* Shouldn't happen */
319                 break;
320         }
321         mbedtls_free(ctx->md_ctx);
322     }
323 
324 #if defined(MBEDTLS_MD_C)
325     if (ctx->hmac_ctx != NULL) {
326         mbedtls_zeroize_and_free(ctx->hmac_ctx,
327                                  2 * ctx->md_info->block_size);
328     }
329 #endif
330 
331     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t));
332 }
333 
mbedtls_md_clone(mbedtls_md_context_t * dst,const mbedtls_md_context_t * src)334 int mbedtls_md_clone(mbedtls_md_context_t *dst,
335                      const mbedtls_md_context_t *src)
336 {
337     if (dst == NULL || dst->md_info == NULL ||
338         src == NULL || src->md_info == NULL ||
339         dst->md_info != src->md_info) {
340         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
341     }
342 
343 #if defined(MBEDTLS_MD_SOME_PSA)
344     if (src->engine != dst->engine) {
345         /* This can happen with src set to legacy because PSA wasn't ready
346          * yet, and dst to PSA because it became ready in the meantime.
347          * We currently don't support that case (we'd need to re-allocate
348          * md_ctx to the size of the appropriate MD context). */
349         return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
350     }
351 
352     if (src->engine == MBEDTLS_MD_ENGINE_PSA) {
353         psa_status_t status = psa_hash_clone(src->md_ctx, dst->md_ctx);
354         return mbedtls_md_error_from_psa(status);
355     }
356 #endif
357 
358     switch (src->md_info->type) {
359 #if defined(MBEDTLS_MD5_C)
360         case MBEDTLS_MD_MD5:
361             mbedtls_md5_clone(dst->md_ctx, src->md_ctx);
362             break;
363 #endif
364 #if defined(MBEDTLS_RIPEMD160_C)
365         case MBEDTLS_MD_RIPEMD160:
366             mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx);
367             break;
368 #endif
369 #if defined(MBEDTLS_SHA1_C)
370         case MBEDTLS_MD_SHA1:
371             mbedtls_sha1_clone(dst->md_ctx, src->md_ctx);
372             break;
373 #endif
374 #if defined(MBEDTLS_SHA224_C)
375         case MBEDTLS_MD_SHA224:
376             mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
377             break;
378 #endif
379 #if defined(MBEDTLS_SHA256_C)
380         case MBEDTLS_MD_SHA256:
381             mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
382             break;
383 #endif
384 #if defined(MBEDTLS_SHA384_C)
385         case MBEDTLS_MD_SHA384:
386             mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
387             break;
388 #endif
389 #if defined(MBEDTLS_SHA512_C)
390         case MBEDTLS_MD_SHA512:
391             mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
392             break;
393 #endif
394 #if defined(MBEDTLS_SHA3_C)
395         case MBEDTLS_MD_SHA3_224:
396         case MBEDTLS_MD_SHA3_256:
397         case MBEDTLS_MD_SHA3_384:
398         case MBEDTLS_MD_SHA3_512:
399             mbedtls_sha3_clone(dst->md_ctx, src->md_ctx);
400             break;
401 #endif
402         default:
403             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
404     }
405 
406     return 0;
407 }
408 
409 #define ALLOC(type)                                                   \
410     do {                                                                \
411         ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \
412         if (ctx->md_ctx == NULL)                                       \
413         return MBEDTLS_ERR_MD_ALLOC_FAILED;                      \
414         mbedtls_##type##_init(ctx->md_ctx);                           \
415     }                                                                   \
416     while (0)
417 
mbedtls_md_setup(mbedtls_md_context_t * ctx,const mbedtls_md_info_t * md_info,int hmac)418 int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
419 {
420 #if defined(MBEDTLS_MD_C)
421     if (ctx == NULL) {
422         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
423     }
424 #endif
425     if (md_info == NULL) {
426         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
427     }
428 
429     ctx->md_info = md_info;
430     ctx->md_ctx = NULL;
431 #if defined(MBEDTLS_MD_C)
432     ctx->hmac_ctx = NULL;
433 #else
434     if (hmac != 0) {
435         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
436     }
437 #endif
438 
439 #if defined(MBEDTLS_MD_SOME_PSA)
440     if (md_can_use_psa(ctx->md_info)) {
441         ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t));
442         if (ctx->md_ctx == NULL) {
443             return MBEDTLS_ERR_MD_ALLOC_FAILED;
444         }
445         ctx->engine = MBEDTLS_MD_ENGINE_PSA;
446     } else
447 #endif
448     switch (md_info->type) {
449 #if defined(MBEDTLS_MD5_C)
450         case MBEDTLS_MD_MD5:
451             ALLOC(md5);
452             break;
453 #endif
454 #if defined(MBEDTLS_RIPEMD160_C)
455         case MBEDTLS_MD_RIPEMD160:
456             ALLOC(ripemd160);
457             break;
458 #endif
459 #if defined(MBEDTLS_SHA1_C)
460         case MBEDTLS_MD_SHA1:
461             ALLOC(sha1);
462             break;
463 #endif
464 #if defined(MBEDTLS_SHA224_C)
465         case MBEDTLS_MD_SHA224:
466             ALLOC(sha256);
467             break;
468 #endif
469 #if defined(MBEDTLS_SHA256_C)
470         case MBEDTLS_MD_SHA256:
471             ALLOC(sha256);
472             break;
473 #endif
474 #if defined(MBEDTLS_SHA384_C)
475         case MBEDTLS_MD_SHA384:
476             ALLOC(sha512);
477             break;
478 #endif
479 #if defined(MBEDTLS_SHA512_C)
480         case MBEDTLS_MD_SHA512:
481             ALLOC(sha512);
482             break;
483 #endif
484 #if defined(MBEDTLS_SHA3_C)
485         case MBEDTLS_MD_SHA3_224:
486         case MBEDTLS_MD_SHA3_256:
487         case MBEDTLS_MD_SHA3_384:
488         case MBEDTLS_MD_SHA3_512:
489             ALLOC(sha3);
490             break;
491 #endif
492         default:
493             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
494     }
495 
496 #if defined(MBEDTLS_MD_C)
497     if (hmac != 0) {
498         ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size);
499         if (ctx->hmac_ctx == NULL) {
500             mbedtls_md_free(ctx);
501             return MBEDTLS_ERR_MD_ALLOC_FAILED;
502         }
503     }
504 #endif
505 
506     return 0;
507 }
508 #undef ALLOC
509 
mbedtls_md_starts(mbedtls_md_context_t * ctx)510 int mbedtls_md_starts(mbedtls_md_context_t *ctx)
511 {
512 #if defined(MBEDTLS_MD_C)
513     if (ctx == NULL || ctx->md_info == NULL) {
514         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
515     }
516 #endif
517 
518 #if defined(MBEDTLS_MD_SOME_PSA)
519     if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
520         psa_algorithm_t alg = psa_alg_of_md(ctx->md_info);
521         psa_hash_abort(ctx->md_ctx);
522         psa_status_t status = psa_hash_setup(ctx->md_ctx, alg);
523         return mbedtls_md_error_from_psa(status);
524     }
525 #endif
526 
527     switch (ctx->md_info->type) {
528 #if defined(MBEDTLS_MD5_C)
529         case MBEDTLS_MD_MD5:
530             return mbedtls_md5_starts(ctx->md_ctx);
531 #endif
532 #if defined(MBEDTLS_RIPEMD160_C)
533         case MBEDTLS_MD_RIPEMD160:
534             return mbedtls_ripemd160_starts(ctx->md_ctx);
535 #endif
536 #if defined(MBEDTLS_SHA1_C)
537         case MBEDTLS_MD_SHA1:
538             return mbedtls_sha1_starts(ctx->md_ctx);
539 #endif
540 #if defined(MBEDTLS_SHA224_C)
541         case MBEDTLS_MD_SHA224:
542             return mbedtls_sha256_starts(ctx->md_ctx, 1);
543 #endif
544 #if defined(MBEDTLS_SHA256_C)
545         case MBEDTLS_MD_SHA256:
546             return mbedtls_sha256_starts(ctx->md_ctx, 0);
547 #endif
548 #if defined(MBEDTLS_SHA384_C)
549         case MBEDTLS_MD_SHA384:
550             return mbedtls_sha512_starts(ctx->md_ctx, 1);
551 #endif
552 #if defined(MBEDTLS_SHA512_C)
553         case MBEDTLS_MD_SHA512:
554             return mbedtls_sha512_starts(ctx->md_ctx, 0);
555 #endif
556 #if defined(MBEDTLS_SHA3_C)
557         case MBEDTLS_MD_SHA3_224:
558             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224);
559         case MBEDTLS_MD_SHA3_256:
560             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256);
561         case MBEDTLS_MD_SHA3_384:
562             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384);
563         case MBEDTLS_MD_SHA3_512:
564             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512);
565 #endif
566         default:
567             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
568     }
569 }
570 
mbedtls_md_update(mbedtls_md_context_t * ctx,const unsigned char * input,size_t ilen)571 int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
572 {
573 #if defined(MBEDTLS_MD_C)
574     if (ctx == NULL || ctx->md_info == NULL) {
575         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
576     }
577 #endif
578 
579 #if defined(MBEDTLS_MD_SOME_PSA)
580     if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
581         psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen);
582         return mbedtls_md_error_from_psa(status);
583     }
584 #endif
585 
586     switch (ctx->md_info->type) {
587 #if defined(MBEDTLS_MD5_C)
588         case MBEDTLS_MD_MD5:
589             return mbedtls_md5_update(ctx->md_ctx, input, ilen);
590 #endif
591 #if defined(MBEDTLS_RIPEMD160_C)
592         case MBEDTLS_MD_RIPEMD160:
593             return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen);
594 #endif
595 #if defined(MBEDTLS_SHA1_C)
596         case MBEDTLS_MD_SHA1:
597             return mbedtls_sha1_update(ctx->md_ctx, input, ilen);
598 #endif
599 #if defined(MBEDTLS_SHA224_C)
600         case MBEDTLS_MD_SHA224:
601             return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
602 #endif
603 #if defined(MBEDTLS_SHA256_C)
604         case MBEDTLS_MD_SHA256:
605             return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
606 #endif
607 #if defined(MBEDTLS_SHA384_C)
608         case MBEDTLS_MD_SHA384:
609             return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
610 #endif
611 #if defined(MBEDTLS_SHA512_C)
612         case MBEDTLS_MD_SHA512:
613             return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
614 #endif
615 #if defined(MBEDTLS_SHA3_C)
616         case MBEDTLS_MD_SHA3_224:
617         case MBEDTLS_MD_SHA3_256:
618         case MBEDTLS_MD_SHA3_384:
619         case MBEDTLS_MD_SHA3_512:
620             return mbedtls_sha3_update(ctx->md_ctx, input, ilen);
621 #endif
622         default:
623             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
624     }
625 }
626 
mbedtls_md_finish(mbedtls_md_context_t * ctx,unsigned char * output)627 int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
628 {
629 #if defined(MBEDTLS_MD_C)
630     if (ctx == NULL || ctx->md_info == NULL) {
631         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
632     }
633 #endif
634 
635 #if defined(MBEDTLS_MD_SOME_PSA)
636     if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
637         size_t size = ctx->md_info->size;
638         psa_status_t status = psa_hash_finish(ctx->md_ctx,
639                                               output, size, &size);
640         return mbedtls_md_error_from_psa(status);
641     }
642 #endif
643 
644     switch (ctx->md_info->type) {
645 #if defined(MBEDTLS_MD5_C)
646         case MBEDTLS_MD_MD5:
647             return mbedtls_md5_finish(ctx->md_ctx, output);
648 #endif
649 #if defined(MBEDTLS_RIPEMD160_C)
650         case MBEDTLS_MD_RIPEMD160:
651             return mbedtls_ripemd160_finish(ctx->md_ctx, output);
652 #endif
653 #if defined(MBEDTLS_SHA1_C)
654         case MBEDTLS_MD_SHA1:
655             return mbedtls_sha1_finish(ctx->md_ctx, output);
656 #endif
657 #if defined(MBEDTLS_SHA224_C)
658         case MBEDTLS_MD_SHA224:
659             return mbedtls_sha256_finish(ctx->md_ctx, output);
660 #endif
661 #if defined(MBEDTLS_SHA256_C)
662         case MBEDTLS_MD_SHA256:
663             return mbedtls_sha256_finish(ctx->md_ctx, output);
664 #endif
665 #if defined(MBEDTLS_SHA384_C)
666         case MBEDTLS_MD_SHA384:
667             return mbedtls_sha512_finish(ctx->md_ctx, output);
668 #endif
669 #if defined(MBEDTLS_SHA512_C)
670         case MBEDTLS_MD_SHA512:
671             return mbedtls_sha512_finish(ctx->md_ctx, output);
672 #endif
673 #if defined(MBEDTLS_SHA3_C)
674         case MBEDTLS_MD_SHA3_224:
675         case MBEDTLS_MD_SHA3_256:
676         case MBEDTLS_MD_SHA3_384:
677         case MBEDTLS_MD_SHA3_512:
678             return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size);
679 #endif
680         default:
681             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
682     }
683 }
684 
mbedtls_md(const mbedtls_md_info_t * md_info,const unsigned char * input,size_t ilen,unsigned char * output)685 int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
686                unsigned char *output)
687 {
688     if (md_info == NULL) {
689         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
690     }
691 
692 #if defined(MBEDTLS_MD_SOME_PSA)
693     if (md_can_use_psa(md_info)) {
694         size_t size = md_info->size;
695         psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info),
696                                                input, ilen,
697                                                output, size, &size);
698         return mbedtls_md_error_from_psa(status);
699     }
700 #endif
701 
702     switch (md_info->type) {
703 #if defined(MBEDTLS_MD5_C)
704         case MBEDTLS_MD_MD5:
705             return mbedtls_md5(input, ilen, output);
706 #endif
707 #if defined(MBEDTLS_RIPEMD160_C)
708         case MBEDTLS_MD_RIPEMD160:
709             return mbedtls_ripemd160(input, ilen, output);
710 #endif
711 #if defined(MBEDTLS_SHA1_C)
712         case MBEDTLS_MD_SHA1:
713             return mbedtls_sha1(input, ilen, output);
714 #endif
715 #if defined(MBEDTLS_SHA224_C)
716         case MBEDTLS_MD_SHA224:
717             return mbedtls_sha256(input, ilen, output, 1);
718 #endif
719 #if defined(MBEDTLS_SHA256_C)
720         case MBEDTLS_MD_SHA256:
721             return mbedtls_sha256(input, ilen, output, 0);
722 #endif
723 #if defined(MBEDTLS_SHA384_C)
724         case MBEDTLS_MD_SHA384:
725             return mbedtls_sha512(input, ilen, output, 1);
726 #endif
727 #if defined(MBEDTLS_SHA512_C)
728         case MBEDTLS_MD_SHA512:
729             return mbedtls_sha512(input, ilen, output, 0);
730 #endif
731 #if defined(MBEDTLS_SHA3_C)
732         case MBEDTLS_MD_SHA3_224:
733             return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size);
734         case MBEDTLS_MD_SHA3_256:
735             return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size);
736         case MBEDTLS_MD_SHA3_384:
737             return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size);
738         case MBEDTLS_MD_SHA3_512:
739             return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size);
740 #endif
741         default:
742             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
743     }
744 }
745 
mbedtls_md_get_size(const mbedtls_md_info_t * md_info)746 unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
747 {
748     if (md_info == NULL) {
749         return 0;
750     }
751 
752     return md_info->size;
753 }
754 
mbedtls_md_get_type(const mbedtls_md_info_t * md_info)755 mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
756 {
757     if (md_info == NULL) {
758         return MBEDTLS_MD_NONE;
759     }
760 
761     return md_info->type;
762 }
763 
764 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
mbedtls_md_error_from_psa(psa_status_t status)765 int mbedtls_md_error_from_psa(psa_status_t status)
766 {
767     return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
768                                    psa_generic_status_to_mbedtls);
769 }
770 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
771 
772 
773 /************************************************************************
774  * Functions above this separator are part of MBEDTLS_MD_LIGHT,         *
775  * functions below are only available when MBEDTLS_MD_C is set.         *
776  ************************************************************************/
777 #if defined(MBEDTLS_MD_C)
778 
779 /*
780  * Reminder: update profiles in x509_crt.c when adding a new hash!
781  */
782 static const int supported_digests[] = {
783 
784 #if defined(MBEDTLS_MD_CAN_SHA512)
785     MBEDTLS_MD_SHA512,
786 #endif
787 
788 #if defined(MBEDTLS_MD_CAN_SHA384)
789     MBEDTLS_MD_SHA384,
790 #endif
791 
792 #if defined(MBEDTLS_MD_CAN_SHA256)
793     MBEDTLS_MD_SHA256,
794 #endif
795 #if defined(MBEDTLS_MD_CAN_SHA224)
796     MBEDTLS_MD_SHA224,
797 #endif
798 
799 #if defined(MBEDTLS_MD_CAN_SHA1)
800     MBEDTLS_MD_SHA1,
801 #endif
802 
803 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
804     MBEDTLS_MD_RIPEMD160,
805 #endif
806 
807 #if defined(MBEDTLS_MD_CAN_MD5)
808     MBEDTLS_MD_MD5,
809 #endif
810 
811 #if defined(MBEDTLS_MD_CAN_SHA3_224)
812     MBEDTLS_MD_SHA3_224,
813 #endif
814 
815 #if defined(MBEDTLS_MD_CAN_SHA3_256)
816     MBEDTLS_MD_SHA3_256,
817 #endif
818 
819 #if defined(MBEDTLS_MD_CAN_SHA3_384)
820     MBEDTLS_MD_SHA3_384,
821 #endif
822 
823 #if defined(MBEDTLS_MD_CAN_SHA3_512)
824     MBEDTLS_MD_SHA3_512,
825 #endif
826 
827     MBEDTLS_MD_NONE
828 };
829 
mbedtls_md_list(void)830 const int *mbedtls_md_list(void)
831 {
832     return supported_digests;
833 }
834 
835 typedef struct {
836     const char *md_name;
837     mbedtls_md_type_t md_type;
838 } md_name_entry;
839 
840 static const md_name_entry md_names[] = {
841 #if defined(MBEDTLS_MD_CAN_MD5)
842     { "MD5", MBEDTLS_MD_MD5 },
843 #endif
844 #if defined(MBEDTLS_MD_CAN_RIPEMD160)
845     { "RIPEMD160", MBEDTLS_MD_RIPEMD160 },
846 #endif
847 #if defined(MBEDTLS_MD_CAN_SHA1)
848     { "SHA1", MBEDTLS_MD_SHA1 },
849     { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback
850 #endif
851 #if defined(MBEDTLS_MD_CAN_SHA224)
852     { "SHA224", MBEDTLS_MD_SHA224 },
853 #endif
854 #if defined(MBEDTLS_MD_CAN_SHA256)
855     { "SHA256", MBEDTLS_MD_SHA256 },
856 #endif
857 #if defined(MBEDTLS_MD_CAN_SHA384)
858     { "SHA384", MBEDTLS_MD_SHA384 },
859 #endif
860 #if defined(MBEDTLS_MD_CAN_SHA512)
861     { "SHA512", MBEDTLS_MD_SHA512 },
862 #endif
863 #if defined(MBEDTLS_MD_CAN_SHA3_224)
864     { "SHA3-224", MBEDTLS_MD_SHA3_224 },
865 #endif
866 #if defined(MBEDTLS_MD_CAN_SHA3_256)
867     { "SHA3-256", MBEDTLS_MD_SHA3_256 },
868 #endif
869 #if defined(MBEDTLS_MD_CAN_SHA3_384)
870     { "SHA3-384", MBEDTLS_MD_SHA3_384 },
871 #endif
872 #if defined(MBEDTLS_MD_CAN_SHA3_512)
873     { "SHA3-512", MBEDTLS_MD_SHA3_512 },
874 #endif
875     { NULL, MBEDTLS_MD_NONE },
876 };
877 
mbedtls_md_info_from_string(const char * md_name)878 const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name)
879 {
880     if (NULL == md_name) {
881         return NULL;
882     }
883 
884     const md_name_entry *entry = md_names;
885     while (entry->md_name != NULL &&
886            strcmp(entry->md_name, md_name) != 0) {
887         ++entry;
888     }
889 
890     return mbedtls_md_info_from_type(entry->md_type);
891 }
892 
mbedtls_md_get_name(const mbedtls_md_info_t * md_info)893 const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info)
894 {
895     if (md_info == NULL) {
896         return NULL;
897     }
898 
899     const md_name_entry *entry = md_names;
900     while (entry->md_type != MBEDTLS_MD_NONE &&
901            entry->md_type != md_info->type) {
902         ++entry;
903     }
904 
905     return entry->md_name;
906 }
907 
mbedtls_md_info_from_ctx(const mbedtls_md_context_t * ctx)908 const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
909     const mbedtls_md_context_t *ctx)
910 {
911     if (ctx == NULL) {
912         return NULL;
913     }
914 
915     return ctx->MBEDTLS_PRIVATE(md_info);
916 }
917 
918 #if defined(MBEDTLS_FS_IO)
mbedtls_md_file(const mbedtls_md_info_t * md_info,const char * path,unsigned char * output)919 int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output)
920 {
921     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
922     FILE *f;
923     size_t n;
924     mbedtls_md_context_t ctx;
925     unsigned char buf[1024];
926 
927     if (md_info == NULL) {
928         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
929     }
930 
931     if ((f = fopen(path, "rb")) == NULL) {
932         return MBEDTLS_ERR_MD_FILE_IO_ERROR;
933     }
934 
935     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
936     mbedtls_setbuf(f, NULL);
937 
938     mbedtls_md_init(&ctx);
939 
940     if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
941         goto cleanup;
942     }
943 
944     if ((ret = mbedtls_md_starts(&ctx)) != 0) {
945         goto cleanup;
946     }
947 
948     while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
949         if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) {
950             goto cleanup;
951         }
952     }
953 
954     if (ferror(f) != 0) {
955         ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
956     } else {
957         ret = mbedtls_md_finish(&ctx, output);
958     }
959 
960 cleanup:
961     mbedtls_platform_zeroize(buf, sizeof(buf));
962     fclose(f);
963     mbedtls_md_free(&ctx);
964 
965     return ret;
966 }
967 #endif /* MBEDTLS_FS_IO */
968 
mbedtls_md_hmac_starts(mbedtls_md_context_t * ctx,const unsigned char * key,size_t keylen)969 int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
970 {
971     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
972     unsigned char sum[MBEDTLS_MD_MAX_SIZE];
973     unsigned char *ipad, *opad;
974 
975     if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
976         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
977     }
978 
979     if (keylen > (size_t) ctx->md_info->block_size) {
980         if ((ret = mbedtls_md_starts(ctx)) != 0) {
981             goto cleanup;
982         }
983         if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) {
984             goto cleanup;
985         }
986         if ((ret = mbedtls_md_finish(ctx, sum)) != 0) {
987             goto cleanup;
988         }
989 
990         keylen = ctx->md_info->size;
991         key = sum;
992     }
993 
994     ipad = (unsigned char *) ctx->hmac_ctx;
995     opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
996 
997     memset(ipad, 0x36, ctx->md_info->block_size);
998     memset(opad, 0x5C, ctx->md_info->block_size);
999 
1000     mbedtls_xor(ipad, ipad, key, keylen);
1001     mbedtls_xor(opad, opad, key, keylen);
1002 
1003     if ((ret = mbedtls_md_starts(ctx)) != 0) {
1004         goto cleanup;
1005     }
1006     if ((ret = mbedtls_md_update(ctx, ipad,
1007                                  ctx->md_info->block_size)) != 0) {
1008         goto cleanup;
1009     }
1010 
1011 cleanup:
1012     mbedtls_platform_zeroize(sum, sizeof(sum));
1013 
1014     return ret;
1015 }
1016 
mbedtls_md_hmac_update(mbedtls_md_context_t * ctx,const unsigned char * input,size_t ilen)1017 int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
1018 {
1019     if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1020         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1021     }
1022 
1023     return mbedtls_md_update(ctx, input, ilen);
1024 }
1025 
mbedtls_md_hmac_finish(mbedtls_md_context_t * ctx,unsigned char * output)1026 int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
1027 {
1028     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1029     unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
1030     unsigned char *opad;
1031 
1032     if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1033         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1034     }
1035 
1036     opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
1037 
1038     if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) {
1039         return ret;
1040     }
1041     if ((ret = mbedtls_md_starts(ctx)) != 0) {
1042         return ret;
1043     }
1044     if ((ret = mbedtls_md_update(ctx, opad,
1045                                  ctx->md_info->block_size)) != 0) {
1046         return ret;
1047     }
1048     if ((ret = mbedtls_md_update(ctx, tmp,
1049                                  ctx->md_info->size)) != 0) {
1050         return ret;
1051     }
1052     return mbedtls_md_finish(ctx, output);
1053 }
1054 
mbedtls_md_hmac_reset(mbedtls_md_context_t * ctx)1055 int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
1056 {
1057     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1058     unsigned char *ipad;
1059 
1060     if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
1061         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1062     }
1063 
1064     ipad = (unsigned char *) ctx->hmac_ctx;
1065 
1066     if ((ret = mbedtls_md_starts(ctx)) != 0) {
1067         return ret;
1068     }
1069     return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size);
1070 }
1071 
mbedtls_md_hmac(const mbedtls_md_info_t * md_info,const unsigned char * key,size_t keylen,const unsigned char * input,size_t ilen,unsigned char * output)1072 int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
1073                     const unsigned char *key, size_t keylen,
1074                     const unsigned char *input, size_t ilen,
1075                     unsigned char *output)
1076 {
1077     mbedtls_md_context_t ctx;
1078     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1079 
1080     if (md_info == NULL) {
1081         return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1082     }
1083 
1084     mbedtls_md_init(&ctx);
1085 
1086     if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) {
1087         goto cleanup;
1088     }
1089 
1090     if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) {
1091         goto cleanup;
1092     }
1093     if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) {
1094         goto cleanup;
1095     }
1096     if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) {
1097         goto cleanup;
1098     }
1099 
1100 cleanup:
1101     mbedtls_md_free(&ctx);
1102 
1103     return ret;
1104 }
1105 
1106 #endif /* MBEDTLS_MD_C */
1107 
1108 #endif /* MBEDTLS_MD_LIGHT */
1109